ApplnNo. 10/780,098 

Amendment dated March 30, 2009 

Reply to Office Action of December 30, 2008 

Docket No. BOC9-2003-0087 (458) 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
instant application: 

Listing of Claims: 

1. (Previously Presented) A method of permitting controlled access to medical 
information of a patient, the method comprising: 

establishing a storage means for storing the medical information of the patient; 

establishing a means for accessing the medical information by the patient or any 
other authorized user; 

controlling an authorization and a scope of access to the medical information by 
the patient according to an assigned role of a user accessing the medical information by 
modifying an access control list, wherein the access control list lists each authorized user 
and the assigned role of each authorized user; 

assigning each user with a unique ID and pin, and 

tracking and notifying the patient of an identity of an entity that accessed the 
medical information, information that was accessed by the entity, and when the entity 
accessed the information. 

2. (Original) The method of claim 1, wherein the storage means is a central 
repository. 

3. (Original) The method of claim 1, wherein the means for accessing the medical 
information is controlled using a universally unique identifier. 
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4. (Original) The method of claim 1, wherein said controlling step is overridden by a 
registered emergency provider. 

5-15. (Cancelled). 

16. (Previously Presented) The method of claim 1, wherein the patient is 
compensated for permitting some of the medical information to be available and used by 
a research institution. 

17. (Previously Presented) The method of claim 1, wherein during a doctor visit the 
patient provides access to the medical information for a time period long enough to 
support the visit at which point the access times out. 

18. (Previously Presented) The method of claim 1, wherein access to the patient's 
medical information expires when a physician logs into another room/appointment. 

19. (Cancelled). 

20. (New) A machine-readable storage having stored thereon, a computer program 
having a plurality of code sections, said code sections executable by a machine for 
causing the machine to perform the steps of: 

establishing a storage means for storing the medical information of the patient; 

establishing a means for accessing the medical information by the patient or any 
other authorized user; 

controlling an authorization and a scope of access to the medical information by 
the patient according to an assigned role of a user accessing the medical information by 
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modifying an access control list, wherein the access control list lists each authorized user 
and the assigned role of each authorized user; 

assigning each user with a unique ID and pin, and 

tracking and notifying the patient of an identity of an entity that accessed the 
medical information, information that was accessed by the entity, and when the entity 
accessed the information. 

21. (New) The machine-readable storage of claim 20, wherein the storage means is a 
central repository. 

22. (New) The machine-readable storage of claim 20, wherein the means for accessing 
the medical information is controlled using a universally unique identifier. 

23. (New) The machine-readable storage of claim 20, wherein said controlling step is 
overridden by a registered emergency provider. 

24. (New) A system for permitting controlled access to medical information of a 
patient, the system comprising: 

storage means for storing medical information of the patient; 
means for accessing the medical information by the patient or any other authorized 
user; and 

means for controlling an authorization and a scope of access to the medical 
information by the patient according to an assigned role of a user accessing the medical 
information by modifying an access control list, wherein the access control list lists each 
authorized user and the assigned role of each authorized; 

means for assigning each user with a unique ID and pin, and 
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means for tracking and notifying the patient of an identity of an entity that 
accessed the medical information, information that was accessed by the entity, and when 
the entity accessed the information. 

25. (New) The system of claim 24, wherein the storage means is a central repository. 

26. (New) The system of claim 24, wherein the means for controlling the means for 
accessing the medical information comprises a unique identifier. 

27. (New) The system of claim 24, wherein said means for controlling the access of 
the medical information may be overridden by registered emergency providers. 
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